On Fri, 30 Jul 1999, F. Steiner wrote:
Has anyone any idea how to prevent this??? Can NFS be told to check passwords during mounting? For example, rlogin would not work in the situation constructed above because it would realize the user having two different passwords. But can NFS be told to do that?
Hello Frank, I had the same problem some years ago. The solution was "cipe" (Crypto IP Encapsulation, http://sites.inka.de/sites/bigred/devel/cipe.html) from Olaf Titz. I think, there is now also a cipe-package in the SuSE-Dis. If you want, I can send you my configuration as an example later (it's at home)! It's a little bit like this (I forgot the details): you export a filesystem to an IP (one of the free ones, that are not routed...), which is tunneled (and the IP package encrypted) to the nfs-clients IP. On the clients side it's almost the same. En- and decrypting is done via keys on the harddisk of client and server, and students won't have access to them! Excuse, I used this a long time ago, if you need details (free IP-numbers etc), I will be able to send them saturday! Cheers, Peter